I want to know if this approach leads to a security vulnerability like sql injection. If yes, how serious is the vulnerability? Is it possible for an attacker to do operations other than read-only ones with this?

Yes, you can inject a different query by changing req.body. For example, if you were looking up a specific crime, your req.body might look like { "_id" : "123456" }. But I could instead send { }. Then every document would match and the aggregation pipeline would process every document, which might be sufficient to cause performance problems. Since the aggregation pipeline never alters the original documents, you can't change the data, so it's a read-only attack but it could still be used to choke up your servers with collection scans and large-volume aggregation pipelines.